Filtered by vendor Buffalo
Subscribe
Search
Total
18 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46681 | 1 Buffalo | 2 Vr-s1000, Vr-s1000 Firmware | 2024-01-04 | N/A | 7.8 HIGH |
| Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access to the product's command line interface to execute an arbitrary command. | |||||
| CVE-2021-20092 | 1 Buffalo | 4 Wsr-2533dhp3-bk, Wsr-2533dhp3-bk Firmware, Wsr-2533dhpl2-bk and 1 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor. | |||||
| CVE-2021-3512 | 1 Buffalo | 48 Bhr-4grv, Bhr-4grv Firmware, Dwr-hp-g300nh and 45 more | 2022-07-12 | 8.3 HIGH | 8.8 HIGH |
| Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors. | |||||
| CVE-2021-20731 | 1 Buffalo | 4 Wsr-1166dhp3, Wsr-1166dhp3 Firmware, Wsr-1166dhp4 and 1 more | 2021-06-16 | 8.3 HIGH | 8.8 HIGH |
| WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors. | |||||
| CVE-2021-20091 | 1 Buffalo | 4 Wsr-2533dhp3-bk, Wsr-2533dhp3-bk Firmware, Wsr-2533dhpl2-bk and 1 more | 2021-05-05 | 6.5 MEDIUM | 8.8 HIGH |
| The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution. | |||||
| CVE-2018-13318 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. | |||||
| CVE-2018-13320 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. | |||||
| CVE-2018-13321 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. | |||||
| CVE-2018-16961 | 1 Buffalo | 1 Open Xdmod | 2019-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories. | |||||
| CVE-2018-13319 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2018-12-31 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. | |||||
| CVE-2018-0556 | 1 Buffalo | 2 Wzr-1750dhp2, Wzr-1750dhp2 Firmware | 2018-05-16 | 8.3 HIGH | 8.8 HIGH |
| Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-0554 | 1 Buffalo | 2 Wzr-1750dhp2, Wzr-1750dhp2 Firmware | 2018-05-16 | 8.3 HIGH | 8.8 HIGH |
| Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. | |||||
| CVE-2018-0555 | 1 Buffalo | 2 Wzr-1750dhp2, Wzr-1750dhp2 Firmware | 2018-05-16 | 9.3 HIGH | 7.8 HIGH |
| Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file. | |||||
| CVE-2018-0523 | 1 Buffalo | 2 Wxr-1900dhp2, Wxr-1900dhp2 Firmware | 2018-03-26 | 8.3 HIGH | 8.8 HIGH |
| Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-0522 | 1 Buffalo | 2 Wxr-1900dhp2, Wxr-1900dhp2 Firmware | 2018-03-26 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file. | |||||
| CVE-2018-0521 | 1 Buffalo | 2 Wxr-1900dhp2, Wxr-1900dhp2 Firmware | 2018-03-26 | 8.3 HIGH | 8.8 HIGH |
| Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. | |||||
| CVE-2017-2273 | 1 Buffalo | 4 Wmr-433, Wmr-433 Firmware, Wmr-433w and 1 more | 2017-08-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2016-4815 | 1 Buffalo | 12 Wzr-600dhp2, Wzr-600dhp2 Firmware, Wzr-600dhp3 and 9 more | 2016-06-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | |||||